Bugs with crashes in memory deallocation code from crash-stats should be marked sec-critical/security-group by default

RESOLVED INCOMPLETE

Status

bugzilla.mozilla.org
General
6 years ago
5 years ago

People

(Reporter: briansmith, Unassigned)


+++ This bug was initially created as a clone of Bug #786836 +++

These are almost always double-frees or other exploitable errors.

We should find some way to hide them from public crash-stats by default as well.

Although I suggest we initially do this for memory deallocation bugs, I think crashes in NSS and certain other core modules are also potentially good candidates for the same treatment.

i had a quick chat with bsmith on irc to get some more information about this request.

we'll need to use the existence of keywords in the crash-signature field as a trigger for automatically securing a bug at creation time.


once the list of appropriate keywords has been provided, implementation should be trivial.
Component: Administration → General
Flags: needinfo?
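
The trigger described in the comment above, as an added example that is not part of this bug or of Bugzilla's code: it parses a crash-signature field of the form `[@ frame | frame ]` and decides whether a new bug should be secured. The keyword list is an assumption (the bug never received one), the group and keyword names are taken from the bug title, and `classify_crash_signature` is a hypothetical helper.

```python
import re

# Assumed keyword list: no list was ever supplied in the bug, so these
# deallocation function names are placeholders chosen for illustration.
DEALLOC_KEYWORDS = {"free", "moz_free", "je_free", "arena_dalloc", "operator delete"}
# Names taken from the bug title; how they map to real groups is assumed.
SECURITY_GROUP = "security-group"
SECURITY_KEYWORD = "sec-critical"

# One "[@ frame | frame ]" entry. The lookahead lets a signature contain ']'
# (e.g. "operator delete[]") by ending only at a ']' that is followed by the
# next entry or by the end of the field.
_ENTRY = re.compile(r"\[@\s*(.+?)\s*\](?=\s*(?:\[@|$))")


def _function_name(frame):
    """Strip the argument list and a trailing '[]', keep the last '::' part."""
    name = re.sub(r"\(.*$", "", frame).strip()
    if name.endswith("[]"):
        name = name[:-2]
    return name.split("::")[-1]


def classify_crash_signature(field):
    """Decide whether a new bug should be secured at creation time."""
    matched = []
    for entry in _ENTRY.findall(field or ""):
        for frame in entry.split("|"):
            name = _function_name(frame)
            # Exact match on the function name, so "freetype" is not "free".
            if name in DEALLOC_KEYWORDS and name not in matched:
                matched.append(name)
    secure = bool(matched)
    return {
        "groups": [SECURITY_GROUP] if secure else [],
        "keywords": [SECURITY_KEYWORD] if secure else [],
        "matched": matched,
    }


if __name__ == "__main__":
    # Constructed crash-signature field values, not taken from crash-stats.
    for sample in ("[@ arena_dalloc | je_free | Foo::~Foo() ]",
                   "[@ freetype::Render ]\n[@ mozilla::Bar::free(void*) ]"):
        print(classify_crash_signature(sample))
```

Matching whole function names rather than substrings keeps unrelated signatures public while still catching a deallocation frame anywhere in a multi-entry field.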
no movement on this bug for a while, closing.

feel free to reopen if you can provide an appropriate list of crash-sig keywords that would trigger securing a bug.
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → INCOMPLETE
Flags: needinfo?